Securing Client Side Scripts


#1

We’ve built JQueryMobile/PhoneGap apps that use DreamFactory as the backend service. Now that we are building a web-based JQueryMobile app, we just realized that the scripts can be viewed in the browser. This wasn’t a problem on PhoneGap since the scripts were compiled. Although this problem is not a DreamFactory problem, do any of you have suggestions or strategies for protecting client-side scripts in your DreamFactory projects?


#2

Client-side scripts are never really secured because… well, they are on the client side.

As a first step, you can minify your sources, and maybe obfuscate (or uglify) them:


http://www.jsmini.com/


#3

Thanks, stadja, for the reply. This all stemmed from the fact that we did not want to create DreamFactory users for everyone due to the need for additional user information and our own role management requirements. The lesson here is not to hard-code a user/password on the web client side. The dilemma is that if you allowed GUEST access to your API, this would open up the API to anyone.
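
Added example (not part of the original thread, and not DreamFactory code): a small pre-release check that flags hard-coded credential literals in a client bundle. It shows that minification renames variables but leaves property names and string literals readable. The key-name list, the function name and the sample bundle are constructed for illustration.

```javascript
// Flag credential-like string literals in client-side JavaScript before it ships.
// Minifiers shorten variable names, but property names and string values survive.

// Key names that suggest a secret (assumed list; extend for your code base).
const SECRET_KEYS = /(passw(or)?d|pwd|secret|api[_-]?key|token)/i;

// Matches  key:"value"  "key":'value'  key = "value"  in plain or minified code.
// Group 1 = key, group 2 = quote character, group 3 = literal value.
const ASSIGNMENT =
  /["']?([A-Za-z_$][\w$-]*)["']?\s*[:=]\s*(["'])((?:\\.|(?!\2).)*)\2/g;

function findHardcodedSecrets(source) {
  const findings = [];
  for (const m of source.matchAll(ASSIGNMENT)) {
    const key = m[1];
    const value = m[3];
    if (!SECRET_KEYS.test(key)) continue; // not a secret-looking key
    if (value.length === 0) continue;     // empty placeholder such as password:""
    const line = source.slice(0, m.index).split("\n").length;
    // Report only the length, so the scanner's output never contains the secret.
    findings.push({ key, line, length: value.length });
  }
  return findings;
}

// Constructed sample: a minified bundle with one hard-coded login, one login
// read from form fields at runtime, and one empty placeholder.
const SAMPLE_BUNDLE =
  'var a={email:"svc@example.test",password:"Constructed-Pw-123"};' +
  'function b(c){return $.post(d+"/session",a,c)}\n' +
  'var e={email:$("#email").val(),password:$("#pw").val()};' +
  'var f={password:""};';

console.log(findHardcodedSecrets(SAMPLE_BUNDLE));
```

Only the first object is reported; credentials read from form fields at runtime are not string literals and are not flagged.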